To score an A- at <a href="https://www.ssllabs.com/ssltest/index.html" target="_blank">https://www.ssllabs.com/ssltest/index.html</a> you will need to adjust the Cipher Suite used in WHM for Apache. In WHM, navigate to Service Configuration » Apache Configuration » Global Configuration and, in the Cipher Suite section, tick the 3rd radio button and fill in the following:<br />
<pre><span>ALL:!ADH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP</span></pre>
<br /><img src="https://hostigation.com/billing/assets/img/cipher.PNG" alt="cipher" width="760" height="430" /><br />You may also wish to force HSTS (<a href="https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security" target="_blank">Strict-Transport-Security</a>). How you do this depends on which version of Apache you are running. Assuming you are running Apache 2.4, create the following directory:<br />
<pre>mkdir -p /usr/local/apache/conf/userdata/ssl/2_4</pre>
<br />Now create 2 more directories:<br /><pre>cd /usr/local/apache/conf/userdata/ssl/2_4<br />mkdir -p $username/$domain<br /></pre><br />$username is the cPanel username and $domain is the domain for which you wish to enable HSTS.<br />Now create a file named hsts.conf in that directory and include the following:<br /><br />
<pre id="aeaoofnhgocdbnbeljkmbjdmhbcokfdb-mousedown">&lt;IfModule mod_headers.c&gt;
# Use HTTP Strict Transport Security to force client to use secure connections only
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
&lt;/IfModule&gt;</pre>
<br />Rebuild httpd.conf and restart Apache:<br />
<pre><br />/usr/local/cpanel/bin/build_apache_conf<br />service httpd restart</pre>
<br />Now all traffic to this domain will be forced to https:// <br /><br />
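The HSTS steps above as a reusable script, plus a check that a response really carries the header. This is an added example, not part of the original post: the function names, the USERDATA_BASE override and the username/domain character rules are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: script the per-domain HSTS include from the steps above.
# USERDATA_BASE defaults to the path on the page; override it to dry-run.
USERDATA_BASE="${USERDATA_BASE:-/usr/local/apache/conf/userdata/ssl/2_4}"

# Write hsts.conf for one cPanel user/domain. Names that could escape the
# userdata tree (slashes, "..", empty strings) are refused; the allowed
# character sets are an assumption, adjust them to your naming rules.
write_hsts_conf() {
    local user="$1" domain="$2" dir
    case "$user" in ''|*[!a-z0-9_-]*) echo "bad username: $user" >&2; return 1;; esac
    case "$domain" in ''|.*|*..*|*[!A-Za-z0-9.-]*) echo "bad domain: $domain" >&2; return 1;; esac
    dir="$USERDATA_BASE/$user/$domain"
    mkdir -p "$dir" || return 1
    cat > "$dir/hsts.conf" <<'EOF'
<IfModule mod_headers.c>
# Use HTTP Strict Transport Security to force client to use secure connections only
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
</IfModule>
EOF
    echo "$dir/hsts.conf"
}

# Read HTTP response headers on stdin and succeed only if an HSTS header
# with max-age >= $1 seconds (default: the page's 15768000) is present.
# Typical use after the rebuild and restart:
#   curl -sI https://your.domain/ | check_hsts_header
check_hsts_header() {
    local min="${1:-15768000}" line age
    line=$(tr -d '\r' | grep -i '^strict-transport-security:' | head -n 1)
    [ -n "$line" ] || { echo "no Strict-Transport-Security header" >&2; return 1; }
    age=$(printf '%s\n' "$line" | sed -n 's/.*[Mm][Aa][Xx]-[Aa][Gg][Ee]=\([0-9][0-9]*\).*/\1/p')
    [ -n "$age" ] && [ "$age" -ge "$min" ]
}
```

Writing the file does not activate it: the rebuild and restart commands from the post still have to be run afterwards.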